Learn how to securely transfer session state from your client application to your server for performing operations on behalf of authenticated users.
Exporting Sessions for Server-Side Operations
Use exportSession() when you need to transfer session state to your server for performing operations on behalf of the user.
By default, the exported session includes user signers, which allow for server-side signing. If you don’t need signing capabilities on your server, use the excludeSigners option so that the exported session carries no signing capability.
Example Usage
Example client-side export:
const para = new Para(env, apiKey);
// After user authentication
// Full session with signing capabilities
const fullSession = para.exportSession();
// OR
// Session without signing capabilities (recommended if signing not needed)
const secureSession = para.exportSession({ excludeSigners: true });
// Send to your server
Importing Sessions
For cases where you need to import a previously exported session back into a Para client instance:
const para = new Para(env, apiKey);
// Import a previously exported session
await para.importSession(exportedSessionString);
// Session is now active and ready for operations
const isActive = await para.isSessionActive(); // Should return true
Server-Side Implementation
To learn more about handling sessions on the server, check out the following guide:
Server-Side Session Management
Best Practices
- Security-First Approach: When exporting sessions to servers, use excludeSigners: true unless server-side signing is explicitly needed
- Secure Transmission: Always use HTTPS when transmitting exported sessions to your server
- Session Validation: Verify the session validity on your server before performing any operations
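
The three practices above combined into a client-side and a server-side helper, as an added example rather than code from the Para SDK or its documentation. It relies only on the exportSession, importSession and isSessionActive methods shown on this page; the function names, the serverSigns option, the JSON body shape and the size limit are assumptions.

```javascript
// Added example: `para` is any object exposing the methods shown on this page.
// Function names, the request body shape and the size limit are assumptions.

const MAX_SESSION_CHARS = 64 * 1024; // assumed upper bound, tune for your deployment

// Client side: export without signers unless the server must sign, and
// refuse to build a request for anything other than an https:// endpoint.
// The scheme check runs first so nothing is exported for a rejected endpoint.
function buildSessionUpload(para, endpoint, { serverSigns = false } = {}) {
  const url = new URL(endpoint);
  if (url.protocol !== "https:") {
    throw new Error("exported sessions must only be sent over HTTPS");
  }
  const session = serverSigns
    ? para.exportSession()
    : para.exportSession({ excludeSigners: true });
  return {
    url: url.href,
    init: {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ session }),
    },
  };
}

// Server side: import into a Para instance created for this request
// (one instance per request is assumed here) and confirm the session is
// active before any operation is performed on the user's behalf.
async function loadVerifiedSession(para, exportedSession) {
  if (typeof exportedSession !== "string" || exportedSession.length === 0 ||
      exportedSession.length > MAX_SESSION_CHARS) {
    throw new Error("malformed session payload");
  }
  await para.importSession(exportedSession);
  if (!(await para.isSessionActive())) {
    throw new Error("session is not active");
  }
  return para;
}
```

On the client, pass the returned url and init to fetch; on the server, call loadVerifiedSession at the start of each handler and perform operations only with the instance it returns.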